[57] ABSTRACT

An improved security system is disclosed which uses an IC card to enhance the security functions involving component authentication, user verification, user authorization and access control, protection of message secrecy and integrity, management of cryptographic keys, and auditability. Both the security method and the apparatus for embodying these functions across a total system or network using a common cryptographic architecture are disclosed. Authorization to perform these functions in the various security component device nodes in the network can be distributed to the various nodes at which they will be executed in order to personalize the use of the components.

TRANSACTION SYSTEM SECURITY METHOD AND APPARATUS

This is a divisional of co-pending application Ser. No. 07/418,068 filed on Oct. 6, 1989, now U.S. Pat. No. 5,048,085 filed on Sep. 10, 1991.

BACKGROUND OF THE INVENTION

1. Technical Field

This invention relates to security for networks including computer terminals and portable personal data carriers such as IC cards, sometimes called smart cards or chip cards, having an onboard computer and electronic memory for storing data and processing commands.

2. Description of the Prior Art

The use of identification cards having computing power and memory built into the card, has been described in the technical literature for some time. Examples are U.S. Pat. Nos. 4,211,919 to Ugon, and 3,702,464 to Castrucci. A disadvantage of known prior art IC cards that use electrically erasable programmable read only memory (EEPROM) is that the life of an EEPROM is defined by the number of write cycles (e.g., 10,000) before a write failure occurs. Accordingly, the usable life of an IC card using the memory is also limited.

On-card security protection is taught by U.S. Pat. No. 4,816,653. Security is provided in this prior art teaching by having multiple levels of user authorization. Access to a command and to data depends upon who is the current holder of the card, the authority level required to execute a command, and on password data protection contained in the header of each data file.

While providing significantly better user authority checking and security than provided by magnetic stripe identification cards, the above referenced IC cards operate primarily as only semi-intelligent peripheral memory devices. That is to say, the cards respond to read and write command primitives from the workstation, and provide data or record data if the password of the person at the workstation indicates that the person has the authority to perform the requested command. Further, the interface to the prior art IC cards is not well defended. An attack can be made by monitoring the interface while passwords are transferred to or from the card.

Also, the security systems in use with IC cards of the prior art are of a fixed architecture and not easily adapted to differing applications from point of sale to social security or other as of yet unidentified applications. Likewise, when each decision must be referred to the card for processing, a significant number of binary, yes/no responses are provided by the card which may expose the card to attack by unscrupulous persons.

SUMMARY OF THE INVENTION

In accordance with the invention, a highly flexible and secure identification IC card and a distributed authorization system are provided. The invention provides an integrated set of system security capabilities, utilizing the improved identification card of the invention to enhance system component authentication, user identity verification, user authorization and access control, message privacy and integrity protection, cryptographic key management, and transaction logging for audit purposes.

A security system using the invention embodies user authorization in the form of several independent profiles, configurable and programmable by the application owner subsequent to the manufacture of the IC card. Required conditions for the execution of each command are individually programmable by the application owner, using command configuration data. Access to a command is controlled by the content of a user's authorization profile in conjunction with the command configuration data for the requested command.

The user profiles may be downloaded into other security devices in the system for the purpose of controlling use of commands, files, and programs in system component devices, in addition to the IC card itself. The downloaded profile temporarily replaces the authorization profile already active in the other device.

The device command configuration data is not downloaded. The downloaded user authorization profile defines the user's security level and authorizations, while the device command configuration data defines the authorization required by that device to execute a requested command in that device. The same or different commands in other devices to which the user's authorization profile is transferred may have greater or lesser security requirements defined in their command configurations.

The cryptographic keys associated with file and program authorization flag bits in the user authorization profiles that are downloaded into other security system components of an intelligent workstation or other computer facility, control access to files and programs in that workstation or computer facility.

The command set of the IC card is not fixed. Through use of tables and additional microcode, loaded into the electrically alterable programmable read only memory (EEPROM), new commands can be added to the command set, or existing commands can be replaced with updated versions. Control can also be passed to added microcode in the EEPROM at specific critical points in the IC card supervisor microcode, including initialization, communications, and authorization checking.

The definition of data storage blocks in nonvolatile memory and the read/write access to those data blocks are controlled by security and control information including access prerequisites, stored in the header of each data block in conjunction with the current user's authorization profile.

The life of the EEPROM in the IC card is defined by the number of write cycles (e.g., 10,000) before any write failure occurs. For applicable functions, data is written into the memory in such a way as to optimize the total life of the IC card by spreading write cycles across many different storage locations.

DESCRIPTION OF THE DRAWINGS

FIG. 1 is a view of the security component devices of the system of the invention.

FIG. 2 is a more detailed block diagram of the IC card of the invention.

FIG. 3 is a block diagram of the circuits of the IC card read write unit.

FIG. 4 is a block diagram of the circuits of the cryptographic adapter card.

FIG. 5 is a block diagram of the software and hardware security components in a workstation.

FIG. 6 is a block diagram of the software and hardware security components of the security processor.

FIG. 7 is a high level flow diagram of authorization checking to execute a command.

FIG. 8 shows content of the user profile and command configuration data tables.

FIG. 9 is a more detailed flow chart of the authorization checking of FIG. 7.

FIG. 10 is a command decode flow diagram.

FIG. 11 shows the structure of data blocks in the memory of the IC card, according to the invention.

FIG. 12 is a summary of the commands for most of the security devices in the network of the invention.

FIG. 13 shows how encryption keys are distributed.

FIG. 14 shows two offline work station logon methods.

FIG. 15 shows an online work station logon method.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENT

Referring now to FIG. 1, the security component devices are shown in a network environment in which they find utility. The heart of such a network is a host computer 11 which usually [...] communication lines to other host computers which are not shown. Host computer 11 performs all the usual data processing tasks for which it is programmed and, in addition, executes the network security processor support program which is the interface between the network security processor 13 and the host computer 11. The network security processor 13 is a small computer which may embody personal computer architecture. Processor 13 may have a display 15, as well as an IC card read write unit 17, according to the invention, and an IC card 19 embodying the invention. Processor 13 operates to provide the interface for the host computer requests for cryptographic and other security functions and directs the requests to an internal cryptographic adapter card 29.

Communication between host computer 11 and work stations is provided by either direct attach or through a communications concentrator 21. Concentrator 21 is in turn connected to one or more work stations 23 and 25 which may operate together on a local area network. Each workstation will have a keyboard and display and optionally may have a card read write unit 17 for reading and writing information to an IC card 19. In addition, reader 17 may have a signature verification pen 27 for use in capturing the acceleration and pressure dynamics while a holder of card 19 is signing a signature. Processor 13 and work stations 23, 25 may also have a cryptographic adapter card 29 installed into their computer bus. Card 29 has thereon a shielded module 31 which is secure from physical and electrical attempts to read or modify information stored in the memory in module 31.

Each device has the capability to establish a secure session with any of the other devices, or with a remote device which is capable of supporting the secure session establishment protocol. In order for two devices to establish a secure session, they must each contain an identical key encrypting key. This requirement guarantees that unauthorized devices cannot establish secure sessions with each other. A result of the secure session process is the establishment of a randomly derived cryptographic session key known to both devices. Neither the session key nor any other secret data is divulged on the interface between the devices during the session establishment process.

Multiple configurations of system security component devices at the intelligent workstation (IWS) are considered in the system of the invention.

The IWS may utilize only the cryptographic adapter card 29, into which user authorization profiles are downloaded from the host computer and in which high-speed cryptographic functions such as application program encryption are performed. User identification in such an IWS would be accomplished via password entry at the IWS keyboard.

An IWS, utilized primarily in an off-line environment, may have only the IC card read/write unit and IC card. In this configuration, user identification is effected by entering a PIN on the read/write unit; verification takes place within the IC card. The user's authorization profile may be used to control functions performed in the IC card or may be downloaded into the IC card read/write unit to control its functions.

[...] provides all of the functions of the first two configurations. Additionally, it [...] the user's authorization profile to be downloaded from the IC card to the cryptographic [...] configuration adds to [...] attached to the read/write unit, thereby providing user verification either by PIN or signature dynamics.

FIG. 2 is a more detailed block diagram of the electrical circuits of IC card 19. In FIG. 2, the central processing unit 41 communicates via physical contact with reader 17 through input/output circuits 43. Connected to the computer bus of CPU 41 is random access memory 45, read/only memory 47 and electrically erasable, programmable read/only memory 49.

A number of requests to the IC card require a boolean response in which the response can have only one of two values. For the purposes of this description, the two values are referred to as TRUE and FALSE. A secure method is used by the programs in the IC card of FIG. 2 to communicate this response.

The method has two very desirable attributes: First, the response is kept secret. Even if the response data is read from the IC card interface, the boolean value of the message cannot be determined. Secondly, if the message is tampered with, as by an adversary who intercepts the message and inserts his own replacement, the act will be detected.

The response is secured through the following cryptographic operation:

1. The requestor generates an eight byte random number, encrypts it under the session key, and sends it to the IC card as part of the request message.

2. The IC card decrypts the random number. If the response value is TRUE, the random number is incremented by one. If the response value is FALSE, the random number is instead incremented by two.

3. The smart card re-encrypts the incremented number under the session key and sends it in the data field of the response message.

4. The requestor decrypts the data, and compares it with the random number he originally sent. If the number is one greater than his original random number, the response is TRUE. If the number is two greater, the response is FALSE. If the number has any other value, the response has been tampered with and is invalid.

Thus, we have accomplished the two goals stated above. The response is secret and cannot be determined by tapping the communications interface, and any attempt to alter the response can be detected.
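The four-step exchange above, carried through for both sides as an added example (not code from the patent). The page names no cipher, so XTEA stands in as a 64-bit block cipher; the function names, keys and random values are constructed for illustration, and the increment is assumed to wrap modulo 2^64.

```c
#include <stdint.h>
#include <stdio.h>

/* XTEA, 64-bit block / 128-bit key. Stand-in only: the page does not name
 * the cipher used under the session key. */
#define DELTA 0x9E3779B9u

static uint64_t xtea_encrypt(const uint32_t k[4], uint64_t block)
{
    uint32_t v0 = (uint32_t)(block >> 32), v1 = (uint32_t)block, sum = 0;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += DELTA;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    return ((uint64_t)v0 << 32) | v1;
}

static uint64_t xtea_decrypt(const uint32_t k[4], uint64_t block)
{
    uint32_t v0 = (uint32_t)(block >> 32), v1 = (uint32_t)block;
    uint32_t sum = 0xC6EF3720u;                 /* DELTA * 32 mod 2^32 */
    for (int i = 0; i < 32; i++) {
        v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
        sum -= DELTA;
        v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
    }
    return ((uint64_t)v0 << 32) | v1;
}

typedef enum { RESP_INVALID = 0, RESP_TRUE = 1, RESP_FALSE = 2 } response_t;

/* Step 1 (requestor): encrypt the 8-byte random number under the session key. */
uint64_t make_challenge(const uint32_t key[4], uint64_t rnd)
{
    return xtea_encrypt(key, rnd);
}

/* Steps 2-3 (card): decrypt, add 1 for TRUE or 2 for FALSE, re-encrypt. */
uint64_t card_respond(const uint32_t key[4], uint64_t challenge, int value)
{
    uint64_t rnd = xtea_decrypt(key, challenge);
    return xtea_encrypt(key, rnd + (value ? 1u : 2u));
}

/* Step 4 (requestor): accept only rnd+1 or rnd+2; anything else is invalid. */
response_t check_response(const uint32_t key[4], uint64_t rnd, uint64_t resp)
{
    uint64_t diff = xtea_decrypt(key, resp) - rnd;   /* modulo 2^64 */
    if (diff == 1) return RESP_TRUE;
    if (diff == 2) return RESP_FALSE;
    return RESP_INVALID;
}

/* Constructed sample values; a real requestor draws rnd fresh per request. */
static const uint32_t SESSION_KEY[4] = {0x01234567u, 0x89ABCDEFu, 0xFEDCBA98u, 0x76543210u};
static const uint32_t OTHER_KEY[4]   = {0x0BADF00Du, 0x12345678u, 0x9ABCDEF0u, 0x0F0F0F0Fu};
static const uint64_t RND_A = 0x0F1E2D3C4B5A6978ull, RND_B = 0x1122334455667788ull;

response_t demo_honest(int value)         /* untouched exchange */
{
    uint64_t ch = make_challenge(SESSION_KEY, RND_A);
    return check_response(SESSION_KEY, RND_A, card_respond(SESSION_KEY, ch, value));
}

response_t demo_bit_flipped(void)         /* response altered on the interface */
{
    uint64_t ch = make_challenge(SESSION_KEY, RND_A);
    return check_response(SESSION_KEY, RND_A, card_respond(SESSION_KEY, ch, 0) ^ 1u);
}

response_t demo_replayed(void)            /* old TRUE answer, new challenge */
{
    uint64_t old = card_respond(SESSION_KEY, make_challenge(SESSION_KEY, RND_A), 1);
    return check_response(SESSION_KEY, RND_B, old);
}

response_t demo_wrong_key(void)           /* responder lacks the session key */
{
    uint64_t ch = make_challenge(SESSION_KEY, RND_A);
    return check_response(SESSION_KEY, RND_A, card_respond(OTHER_KEY, ch, 1));
}

response_t demo_wraparound(void)          /* rnd at the top of the 64-bit range */
{
    uint64_t rnd = UINT64_MAX;
    uint64_t ch = make_challenge(SESSION_KEY, rnd);
    return check_response(SESSION_KEY, rnd, card_respond(SESSION_KEY, ch, 0));
}

int main(void)
{
    printf("TRUE=%d FALSE=%d flipped=%d replayed=%d wrong_key=%d wrap=%d\n",
           demo_honest(1), demo_honest(0), demo_bit_flipped(),
           demo_replayed(), demo_wrong_key(), demo_wraparound());
    return 0;
}
```

Both answers travel as 8-byte ciphertexts that change with every challenge, so an observer of the interface sees neither the boolean nor a repeatable pattern.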

The random number generator programmed into the IC card uses an 8-byte counter to create different output values each time the algorithm is called. The counter itself is not the random number; it is simply one variable, and is the one used to cause a different value to appear each time.

The counter is in the secure environment of the EEPROM on the IC card, where its value cannot be seen by the user. Thus, it is not important that the counter actually count upward in the conventional sense. What is really important is that it change each time a new random number is generated, and that it step through a very large number of states. Two to the sixty fourth power is the optimal case for a 64 bit counter, but other very large numbers of states are also acceptable under most circumstances.

The EEPROM is nonvolatile, so the counter value is maintained even when the device is powered off. There is one significant problem with EEPROM, however, in that each memory cell gradually degrades each time it is written, and will eventually fail, for example, after being rewritten 10,000 times.

If we implement a simple counter, the low order bit changes each time the count is incremented. Thus, we would only be guaranteed 10,000 counts before the device failed. This clearly does not meet the needs of the random number generator.

The improved method of this invention gives more possible values of the counter before the EEPROM fails. The improved method has a disadvantage in that it does not guarantee all counter values will be different, but it will generate many different values, in a way that cannot be determined from outside the secure environment. It also results in significantly more than the 10,000 cycles possible with the straightforward counter.

The method used updates the counter in a way which will maximize its life. For the EEPROM, this means trying to update each cell of the EEPROM equally often, so all cells will age at an equal rate. This is different from the simple counter, in which low order bits are always updated more frequently than higher order bits.

The method uses the random number itself to index to one of the 64 bits in the counter, then toggles (complements) that bit. The bits of the counter are numbered 0-63, where bit 0 is the low order bit and 63 is the high order bit. The low order 6 bits of the random number are interpreted as a value between 0 and 63, and are used to select the corresponding bit of the counter, which is then toggled. Since the random number generator produces a uniform distribution of values, the 64 bits of the counter are each selected an equal number of times, and none are written more often than any others. Consider the following simplified example, showing a 16-bit counter and the lower 4 bits of the random number.



Counter                       Random Number bits

0000000000000000 (0)          1100 (bit 12)
0001000000000000 (4096)       0101 (bit 5)
0001000000100000 (4128)       1011 (bit 11)
0001100000100000 (6176)       0000 (bit 0)
0001100000100001 (6177)       0111 (bit 7)
0001100010100001 (6305)       . . . .



Eventually, if the random number values are truly random, the counter would take on all two to the sixty fourth values. It is unlikely that this will happen in reality, but the majority of the values will be attained.

Ideally, the EEPROM would allow toggling of individual bits so that each counter update would result in only one of the 64 bits being written. In most real EEPROMs, however, the smallest unit that can be written is a byte. Thus, when any bit is toggled, the entire byte containing that bit will be written. The result of this is that each of the eight bytes are written 1/8 of the time. The lifetime of the counter is then 8 times 10,000, or 80,000 counts, rather than the 10,000 possible with a straightforward counter.
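The counter update described above, as an added C example rather than the patent's microcode: it replays the 16-bit table through the 64-bit toggle rule and counts how many updates each method survives when one byte tolerates 10,000 writes. splitmix64 stands in for the card's random number generator, and all names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define COUNTER_BYTES 8

typedef struct {
    uint8_t  cell[COUNTER_BYTES];    /* EEPROM image, cell[0] = low-order byte */
    uint32_t writes[COUNTER_BYTES];  /* write cycles consumed by each byte */
} eeprom_counter;

/* Toggle rule from the page: the low 6 bits of the random number pick one
 * of the 64 counter bits; the byte holding that bit is rewritten. */
static void toggle_update(eeprom_counter *c, uint64_t rnd)
{
    unsigned bit = (unsigned)(rnd & 0x3F);
    c->cell[bit / 8] ^= (uint8_t)(1u << (bit % 8));
    c->writes[bit / 8]++;
}

/* The "simple counter": add one, rewriting every byte the carry reaches. */
static void increment_update(eeprom_counter *c)
{
    for (int i = 0; i < COUNTER_BYTES; i++) {
        c->cell[i]++;
        c->writes[i]++;
        if (c->cell[i] != 0)         /* no carry into the next byte */
            break;
    }
}

static uint64_t counter_value(const eeprom_counter *c)
{
    uint64_t v = 0;
    for (int i = COUNTER_BYTES - 1; i >= 0; i--)
        v = (v << 8) | c->cell[i];
    return v;
}

static uint32_t worst_byte(const eeprom_counter *c)
{
    uint32_t m = 0;
    for (int i = 0; i < COUNTER_BYTES; i++)
        if (c->writes[i] > m)
            m = c->writes[i];
    return m;
}

/* splitmix64: stand-in source of uniform values (an assumption; the card's
 * own generator is not specified on the page). */
static uint64_t splitmix64(uint64_t *state)
{
    uint64_t z = (*state += 0x9E3779B97F4A7C15ull);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ull;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBull;
    return z ^ (z >> 31);
}

/* Replays the page's table: random-number bits 1100, 0101, 1011, 0000, 0111. */
uint64_t replay_page_table(void)
{
    static const uint64_t rnd_bits[] = {0xC, 0x5, 0xB, 0x0, 0x7};
    eeprom_counter c;
    memset(&c, 0, sizeof c);
    for (size_t i = 0; i < sizeof rnd_bits / sizeof rnd_bits[0]; i++)
        toggle_update(&c, rnd_bits[i]);
    return counter_value(&c);
}

/* Number of updates performed when the first byte reaches `limit` writes. */
uint32_t updates_until_wear(int use_toggle, uint32_t limit, uint64_t seed)
{
    eeprom_counter c;
    uint32_t n = 0;
    memset(&c, 0, sizeof c);
    while (worst_byte(&c) < limit) {
        if (use_toggle)
            toggle_update(&c, splitmix64(&seed));
        else
            increment_update(&c);
        n++;
    }
    return n;
}

int main(void)
{
    printf("table replay: %llu\n", (unsigned long long)replay_page_table());
    printf("simple counter wears out after %u updates\n",
           updates_until_wear(0, 10000, 1));
    printf("toggle counter wears out after %u updates\n",
           updates_until_wear(1, 10000, 1));
    return 0;
}
```

With byte-granular writes the toggling counter reaches its first 10,000-write byte somewhat before the 80,000-count average, because random selection never spreads the writes perfectly evenly across the eight bytes.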

FIG. 3 shows a block diagram of the circuitry embodied in card reader 17. The computational heart of card reader 17 is microprocessor 51, connected to a bus 53 for communication with other elements of the card reader. Memory for microprocessor 51 is provided in the form of electrically programmable read/only memory 55 and static random access memory 57. Blocks 51, 55, 57, 59 and 65 are enclosed in a secure shielded module with intrusion detection circuitry 59 in order to protect the content thereof. Intrusion detection circuitry is shown, by way of example, in patent application 07/405910 of common assignee with this application.

In addition to memory, microprocessor 51 is served by real time clock 59. Processor 51 interacts with other devices and the operator, using the following blocks. Communication with the secure cryptographic adapter card 29 in a workstation 25 (or a network security processor 13) and with the standard RS-232 port of a workstation 25 is through asynchronous RS-232 interface 61. The primary communication between card reader 17 and an operator is through operator interface 63 which includes a keypad, an audible beeper, and light emitting diodes. In addition to those operator interface features, the card reader 17 supports a signature pen interface for receiving signals representing the signature of a holder of IC card 19 who wishes to obtain services authorized to the genuine holder of card 19. Pen interface circuitry 65 provides the input ports for receiving change of pressure and acceleration signals representing the signature of the person holding the card. This circuitry and supporting programs are defined in more detail in U.S. Pat. Nos. 3,983,535; 4,128,829; 4,553,258; 4,724,542; 4,736,445; and 4,789,934, of common assignee with this application.

The IC card 19 itself is read by circuits 67 which include physical and electrical contacts for connecting the [...] to the bus [...] microprocessor 51 can act in conjunction with the computer 41 in the card under security programs to transfer information between the card reader and the card.

Referring now to FIG. 4 where the block diagram of the circuits of the cryptographic adapter card 29 are shown, there follows a brief description of each block. The heart of cryptographic adapter 29 is the cryptographic module 31 which provides a tamper-proof environment for the encryption processor and storage which contains the cryptographic keys. The cryptographic adapter is controlled by microprocessor 71, using secure memories in the form of random access memory 73 and read/only memory 75. The cryptographic keys are stored in random access memory 73 which is kept active by battery backup circuit 77 and battery 79. In order to thwart an attack on the secure module, battery backup circuit 77 operates under control of tamper protection and detection circuit 81 which detects any attempt to access module 31 by physical attack. The physical and electrical protection of module 31 is set out in greater detail in U.S. patent application Ser. No. 07/405910, of common assignee with this application. Microprocessor 71 uses random access memory 83 which is located outside of the secure module 31, in addition to its secure memory. To prevent access to the contents of secure memory 73 and 75 while microprocessor 71 or encryption processor 85 is performing a secure process, gate 87 opens the connection of bus 89 to its outside extension 91 so that any information on bus 89 cannot be read from outside of module 31 at contacts connecting bus 91.

Turning now to FIG. 5, a block diagram of the hardware and software features of a workstation 23 or 25 are shown. A customer application program 111 runs in a workstation 23 or 25, utilizing security utilities 113 and interfaces with the operating system program in the workstation, using a security application program interface. The security utilities provide for such functions as initializing an IC card 19 or enrolling the reference signatures of a user into the memory of the card. Cryptographic function requests from a customer application [...] are passed through workstation security service supervisor and router 115 to the security server program 117. Security server program 117 provides the program modules and information, the cryptographic keys needed to perform a specific function, to the cryptographic adapter hardware 29 through a device driver program 119. Example program modules include key management module 121, message authentication code verification 123, message authentication code generator 125, and encypher/decypher functions [...].

The keys used for generation of message authentication codes, encrypting of other keys, and ordinary encryption and decryption tasks can be stored in many places in the secure network. Keys are stored on PC disk memory in encrypted form, encrypted under the master key of one of the security devices, cryptographic adapter 29, card reader 17, or IC card 19. Keys are also stored in the nonvolatile memories of cryptographic adapter 29, card reader 17, and IC card 19.

In those configurations where a workstation has both a cryptographic adapter 29 and an IC card reader 17, security functions relating to the IC card or card reader are requested by customer application program 111, pass down through the various program interfaces through cryptographic adapter 29 to card reader 17. In those configurations where a workstation has only a card reader and no cryptographic adapter, the card reader is connected to the personal computer of the workstation by asynchronous communication interface 61, shown in FIG. 3, which is represented as a communication line in FIG. 5.

Referring now to FIG. 6, a more detailed block diagram of the circuits and programmed functions, residing in network security processor 13, are shown. Network security processor 13 is based upon a personal computer architecture running a special security operating system which prevents the computer from performing ordinary personal computer functions, thereby enhancing security. The security operating system is based upon an IBM Personal Computer Disk Operating System 141 and modified by a multi-tasking program 143. One of the tasks running under multi-tasking program 143 is a host server module 145. Server 145 manages the communications between the network security processor 13 and the host computer 11 through a channel task program 147 and a host channel adapter 149. Of particular importance is another task in the form of security server program 151, performing functions complementary to the security functions performed by the security server 117 in the workstation shown in FIG. 5. This is accomplished by the cryptographic adapter task program 153 and cryptographic adapter device driver program 155 which provide the interface to a cryptographic adapter 29, installed in the personal computer bus of network security processor 13. The IC card reader 17 and its associated IC card 19, attached to the network security processor 13, are used to control access to the network security processor for initializing the security processor, operator services, and maintenance etc. Another function served by the card reader is to accept parts of master keys in secure fashion in order to initialize the security processor. Thereafter, the master key, entered in parts, is used to generate other keys for distribution to other devices at other nodes in the secure network.

The directory server task 157 contains the pointers and program routines to allow the security server to [...] access encryption keys and other information needed to perform its cryptographic functions, interfacing with PC DOS file access method programs 159. Log server 161 also is a task which provides for the auditing functions needed by the system. At the top of FIG. 6 are shown blocks 163, which provides installation services programming, 165, which provides initial program loading services, and 167, which provides operator interface programmed functions.

FIG. 7 is a high level view of the processing method which decides whether a user is authorized to execute a particular command. Each test references one or more tables, which are shown attached to the corresponding processing step.

The first step 171 checks whether the command is a universally authorized command. Universally authorized commands listed in table 173 are a fixed, predefined set of commands that are necessary for all users in all situations. They are always allowed, regardless of the user's authority. None of these commands are security-related.

The next two steps 175 and 177 are actually performed together, but are shown separately for clarity. These involve checking whether the current user is authorized to execute the particular requested command. A user's authority is defined by the contents of a related user profile in the table of user profiles 179. The requirements for execution of the selected command are defined in command configuration data table 181 by the execution prerequisites for that command. These two items of information from the tables are examined to determine if the user is permitted to execute the command. These steps are set out in more detail in FIG. 9.
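One way to code the decision sequence of FIG. 7, using the FIG. 9 flags and block numbers this page describes (an added example, not the patent's implementation). The struct layouts, command names, table contents and dates are hypothetical, a set flag bit is taken to mean the command is authorized, and the identity-verification check whose description is cut off on this page is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { ALLOW, DENY_UNAVAILABLE, DENY_NO_SESSION, DENY_NOT_REVERIFIED,
               DENY_TIME, DENY_HOLIDAY, DENY_AUTHORITY, DENY_CMD_FLAG,
               DENY_LOCKED_OUT } verdict;

enum { CMD_GET_STATUS, CMD_READ_BLOCK, CMD_LOAD_KEY, CMD_RESET_PIN, N_CMDS };

/* User authorization profile 179: travels with the user between devices. */
typedef struct {
    uint8_t  authority_level;
    uint32_t cmd_flags;               /* bit n set = command n authorized */
    uint16_t from_minute, to_minute;  /* time of day limits */
    uint8_t  valid_days;              /* bit d set = weekday d allowed */
    uint32_t expires;                 /* expiration date, YYYYMMDD */
    uint8_t  fail_count, fail_limit;  /* consecutive verification failures */
} user_profile;

/* Command configuration data 181: stays in the device, one entry per command. */
typedef struct {
    uint8_t unavailable, secure_session_required, pre_exec_verify_required,
            disable_time_limits, authority_exact_match, required_authority;
} cmd_config;

typedef struct {                      /* current state of the device */
    int secure_session, reverified;
    uint32_t date;
    uint16_t minute;
    uint8_t  weekday;
} device_state;

static const uint8_t  UNIVERSAL[N_CMDS] = { [CMD_GET_STATUS] = 1 };  /* table 173 */
static const uint32_t HOLIDAYS[] = { 19891225u, 19900101u };          /* table 185 */

/* Two devices, two configurations for the same commands (constructed). */
static const cmd_config CARD_CFG[N_CMDS] = {
    [CMD_READ_BLOCK] = { .required_authority = 3 },
    [CMD_LOAD_KEY]   = { .secure_session_required = 1, .pre_exec_verify_required = 1,
                         .authority_exact_match = 1, .required_authority = 5 },
    [CMD_RESET_PIN]  = { .unavailable = 1 },
};
static const cmd_config ADAPTER_CFG[N_CMDS] = {
    [CMD_READ_BLOCK] = { .disable_time_limits = 1, .authority_exact_match = 1,
                         .required_authority = 5 },
    [CMD_LOAD_KEY]   = { .required_authority = 7 },
    [CMD_RESET_PIN]  = { .unavailable = 1 },
};

verdict authorize(const cmd_config *table, unsigned cmd,
                  const user_profile *u, const device_state *s)
{
    if (cmd >= N_CMDS) return DENY_UNAVAILABLE;
    const cmd_config *c = &table[cmd];
    if (UNIVERSAL[cmd]) return ALLOW;                              /* block 201 */
    if (c->unavailable) return DENY_UNAVAILABLE;                   /* block 207 */
    if (c->secure_session_required && !s->secure_session)          /* block 209 */
        return DENY_NO_SESSION;
    if (c->pre_exec_verify_required && !s->reverified)             /* 217, 219 */
        return DENY_NOT_REVERIFIED;
    if (!c->disable_time_limits &&                                 /* 221, 223 */
        (s->minute < u->from_minute || s->minute > u->to_minute ||
         s->date > u->expires || !(u->valid_days & (1u << s->weekday))))
        return DENY_TIME;
    for (size_t i = 0; i < sizeof HOLIDAYS / sizeof HOLIDAYS[0]; i++)
        if (HOLIDAYS[i] == s->date) return DENY_HOLIDAY;           /* block 225 */
    if (c->authority_exact_match                                   /* 227-231 */
            ? u->authority_level != c->required_authority
            : u->authority_level <  c->required_authority)
        return DENY_AUTHORITY;
    if (!(u->cmd_flags & (1u << cmd))) return DENY_CMD_FLAG;       /* block 233 */
    if (u->fail_count >= u->fail_limit) return DENY_LOCKED_OUT;    /* block 235 */
    return ALLOW;
}

/* One constructed profile checked against either device's configuration. */
verdict demo(int on_adapter, unsigned cmd, uint8_t level, uint32_t date, int reverified)
{
    user_profile u = { .authority_level = level, .cmd_flags = 0x0E,
                       .from_minute = 8 * 60, .to_minute = 18 * 60,
                       .valid_days = 0x7F, .expires = 19911231u,
                       .fail_count = 0, .fail_limit = 3 };
    device_state s = { .secure_session = 1, .reverified = reverified,
                       .date = date, .minute = 10 * 60, .weekday = 2 };
    return authorize(on_adapter ? ADAPTER_CFG : CARD_CFG, cmd, &u, &s);
}

int main(void)
{
    printf("card read, level 4:    %d\n", demo(0, CMD_READ_BLOCK, 4, 19900306u, 0));
    printf("adapter read, level 4: %d\n", demo(1, CMD_READ_BLOCK, 4, 19900306u, 0));
    printf("card read on holiday:  %d\n", demo(0, CMD_READ_BLOCK, 4, 19891225u, 0));
    return 0;
}
```

The same downloaded profile is allowed to read on the card and refused on the adapter, because each device applies its own command configuration data to it.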

If the user has the authority to execute the selected command, there is one additional step 183 that still must be performed. A programmable table 185 contains a list of dates defined as holidays, and most commands cannot be executed on a holiday. This provides an additional level of security. If the current date is listed as a holiday, all commands except the universally authorized commands are disallowed.

Once it has been determined that the user is authorized to execute a command, the command is decoded at block 187, using the command decode tables 189 shown in more detail in FIG. 10. The command is executed at block 191 of the flow diagram, after which control of the IC card or other security device returns to wait for the next command.

FIG. 8 represents the relationship between user authorization profiles 179 and command configuration data 181, as they are utilized within the IC card to securely limit the use of commands, as programmed by a designated authority of the application owner.

Each of the user authorization profiles 179 contains a command authorization flag bit 197 for each command used in any of the system security devices. If the flag bit is not set, then the user is not authorized to execute the corresponding command.

User authorization profiles 179 also contain some number of file and program authorization flags 199. When the user profile is downloaded into a workstation cryptographic adapter, each file authorization flag bit is associated with a cryptographic data key used for encrypting or decrypting a specific file. Similarly, the program authorization flag is used to control access to specific programs.

Other data 199, in the user authorization profiles 179, specify a level of authority in the exercise of commands, time of day and day of the week limits, expiration date for the user authorization, and other user flags indicating the mode for the identification of the user.

The command configuration data 181 is independent of the user authorization profile, but consists of a number of prerequisite conditions and authorizations for each command. There is a unique set of command configuration data for each of the system security devices in the system.

FIG. 9 is a detailed flowchart showing exactly how the authorization checking of FIG. 7 is performed. The first step 201, as in FIG. 7, is to check the table 173 of universally authorized commands. If the command is in this table 173, remaining steps are bypassed and the command is automatically authorized.

At block 203, the user's user profile 179 is retrieved and, at block 205, the command configuration data 181 for the selected command is retrieved. These are used in performing most of the remaining checks. If the command unavailable flag is found, at block 207, to be set in the command configuration data 181, the command is not authorized and the remaining steps are bypassed.

If the secure session required flag is found at step 209 to be set in the command configuration data 181, the command is not authorized unless a secure session is [...]

[...] verified his identity by entering his PIN, or by using signature verification, or some other external means. The methods he can use for verification are controlled by the verification method identifier in his user profile.

If the pre-execution verification required flag is set (block 217) in the command configuration data 181, the user must re-verify his identity before each time the command is executed. Block 219 tests whether the user has re-verified his identity in order to use this command. If this flag is set and the user has not re-verified for execution of the command, it will not be allowed.

Block 221 determines if the disable time limits flag is set in the command configuration data 181. If it is set, the time of day, date, and day of week checking at block 223 is bypassed for the command. If the flag is not set, the time of day limits, expiration date, and valid days of week fields in the user profile are compared to the current time, date, and day of week to determine if the command is allowed. If any of these are not satisfied, the command is not allowed and further checks are bypassed.

If the current date is found at block 225 to be listed as a holiday in the programmable holiday table, the command is not allowed. The user's authority level in his user profile is compared at blocks 227, 229 and 231 to the authority level required to authorize the selected command, which is contained in the required authority level field of the command configuration data 181. If the authority exact match flag is set in the command configuration data, the user's authority level must be exactly equal to the required authority level for the command to be allowed. If the authority exact match flag is not set, the user's authority level must be greater than or equal to the required authority level for the command to be allowed.

Each user's user profile contains a set of command authorization flags defining which commands that user is excluded from executing. If the requested command is not authorized in the user's command authorization flags, execution is not allowed by the logic in block 233.

Each user's user profile contains a verification failure count which counts the number of consecutive verification failures, either by PIN or by signature verification, or another external means. Each profile also contains a programmable verification failure limit, defining the number of consecutive verification failures the user is permitted before he is locked out. At block 235, the user's verification failure count is checked to see if it is greater than or equal to his verification failure limit, and if so, the command is not allowed.

Referring to FIG. 10, the method of command decoding in the IC card is shown. This method employs two command decoding tables: one 241 in the microprocessor ROM, which is fixed, and another 243 in the electrically erasable programmable read only memory

determined at block 211 to be in effect with the sender (EEPROM), which is programmable. The table 241 in 

of the command. This has the effect of allowing the ROM defines the default subroutine address to be called 

command only if the sender of the command has been for each of the possible commands. The table 243 in 

verified as an authentic system component or device as EEPROM can be loaded with new addresses, which 

for example, an IC card or cryptographic adapter etc. A 60 will override those in the ROM table. The method 

secure session cannot be established between two com- allows one to load new commands into EEPROM, or to 

ponents that do not share certain common crypto- load replacements for commands in the ROM, and to 

graphic keys installed by the owner. use the EEPROM table to cause these downloaded 

If block 213 determines that the initial verification commands to be executed in place of the commands in 

required flag is set in the command configuration data 65 the ROM. Whenever a command is to be executed, the 

181, the user must have verified his identity at some address is first read from table 245 in EEPROM. If 

time during the current session, or the command will block 245 in FIG. 10 determines that the address from 

not be allowed. This is tested at block 215. He may have the table 243 is not zero, it is used as the address of the 






5,148,481 


subroutine to process the requested command. If the address is zero, an address is read from the table 241 in ROM and the address read from ROM is used for the subroutine to process the command. Thus, any ROM command subroutine can be replaced by inserting a non-zero address into the table 243 in EEPROM.

FIG. 11 shows the format used on the IC card to store data blocks. Data blocks are a general purpose means for defining and managing user or system data areas in the IC card non-volatile memory. Data is written to the blocks and read from the blocks. There are many options and features to keep the data secure from attacks.

251 in FIG. 10 shows the overall layout of data blocks in the IC card EEPROM memory. The low portion of the memory is reserved for information that is not related to the data blocks. All memory above this fixed, predefined data is available for the definition of data blocks. They are allocated in contiguous segments of the memory. The first data block defined occupies memory starting immediately after the fixed data, the second block defined immediately follows the first, and so on.

253 shows the structure of a single data block. Each block consists of two parts, a header and a data area. The header contains control information related to the block, and the data area contains the data which is written to and read from the block. The information in the header is defined when the block is allocated. The data area is of a fixed size once the block has been defined by one of the users.

255 shows the contents of the block header. The block ID is an eight byte field used to identify the block. It is passed to the card with all data block commands in order to identify the block of interest. Any eight byte value is permitted. The token is a secret value used to authorize access to the data in the block. The user must pass the correct token to the IC card with each data block command in order to be granted access to the block. The token is similar to a password for access to the block. It is defined by the user at the time the block is allocated. In order to protect the block ID and token from disclosure, they can be encrypted under the session key when they are transmitted to the IC card.

The data length field in 255 defines the number of 8-byte paragraphs in the data area of the block. A value of 1 indicates that there are 8 bytes in the data area, a value of 2 indicates there are 16 bytes, and so on.

A checksum is stored in the header 255 to allow verification of data integrity in the data portion of the block. The checksum is calculated from the data each time it is written, and the checksum is verified each time the data is read. If the checksum indicates there is an error in the data read, the data is still returned to the requester, but a warning code is returned to inform the requester of the error condition.

The header 255 contains read authorization flags and write authorization flags for each user profile. Each of the possible IC card users can be given read only access, write only access, read/write access, or no access to each data block individually.

The header also contains a minimum authority level which is compared with the authority level in the user's profile. The user's authority level must be greater than or equal to the minimum authority level in the block header in order for that user to be granted access to the block.

A set of flags 257 in the block header 255 defines various security features for the block. The verification required flag, if set, indicates that the user must have verified his identity before he can be granted access to the block. The user can verify his identity with PIN or with signature verification or another external verification means. A hidden block flag, if set, indicates that the block will not be listed when the user requests a list of the blocks that exist on the IC card.

A secure session required flag, if set in 257, indicates that the block cannot be accessed from a device unless that device has a secure session in effect with the IC card. A session key encryption required flag, if set in 257, indicates that all data transmitted to the card for writing in the block, or transmitted from the card when read from the block, will be encrypted using the session key established between the IC card and the device [illegible].

If [illegible] 257 [illegible] block token must [illegible] IC card [illegible] the token using [illegible] with the token stored in the block header 255. Access to the block will be denied unless the decrypted token is correct. This ensures [illegible] block [illegible] protecting [illegible] from either read or write [illegible] the requester knows the correct secret [illegible].

A typical method for protecting data using encryption is to encrypt the data itself when it is stored. The key must be used when it is read back and decrypted in order to retrieve meaningful data. This protects reading by those who do not [illegible] key. It has two disadvantages, however. First, it requires the overhead of encrypting and decrypting the data, which can be time consuming for large data blocks. Secondly, it only protects the read operation. The data can still be overwritten by someone who does not possess the key, although the data written might not be meaningful.

The secured block concept employed in the IC card described here is a superior alternative to simple encryption of the data in the block. It requires far less encryption overhead, and also protects both reading and writing of the data block. The method encrypts the block token when it is sent to the IC card, rather than encrypting the data itself. The IC card decrypts the token; and if the user does not possess the correct cryptographic key, the IC card will recover a token value that does not match the token stored in the block header. Access to the block, either in read or write mode, will then be denied. Only encryption of the eight byte token is required.

Note that storing the data in encrypted form is not required in the IC card. The data is stored in the EEPROM, which is a secure environment. The only need for encryption of the data is when it must be protected as it passes over the interface to the IC card. For that purpose, the IC card can accept data encrypted under the session key for the write operation, and can encrypt outgoing data under the session key for the read operation.

A summary of the classes of default commands that can be executed by the security component devices is shown in FIG. 12. In the IC card, for example, additional and different commands can be downloaded to the IC
card device in order to perform additional functions as they are found to be needed.

FIG. 13 describes a method of cryptographic key initialization of the system security component devices of the system of the invention. Reference is made also to FIG. 1.

The host CPU 11 responsible for overall key management for the system or network contains in its network security processor 13 a host master key under which the master node keys for all other network node devices are encrypted. The host master key is generated manually by a privileged and responsible individual (security administrator) in a highly secure and protected environment.

The host master key may be entered into the network security processor 13 in several different ways. Using IC cards 19 with the highest level of authority in its user authorization profile, the security administrator generates master key parts on his IWS 25, incorporating a cryptographic adapter 29 and IC card read/write unit 17, and then enters the host master key parts into the network security processor 13, using its attached IC card read/write unit 17. This is accomplished through the use of commands defined under a common cryptographic architecture specifying the cryptographic structure, commands and operation of all system security component devices in the system of the invention. The common cryptographic architecture is described in great detail in co-pending U.S. patent application Ser. Nos. 231,114; 233,575; 237,938; 238,010 and 344,165. Alternatively, the security administrator may enter the host master key into the network security processor 13 directly through the PIN pad keyboard of the IC card read/write unit under the authorization profile loaded into it from the security administrator's IC card.

The next step in the process of cryptographic key initialization of the system or network is to generate network node master keys encrypted under the host master key. Toward maximization of security in the transportation of the node master keys from the network security processor 13 to the remote network nodes, the node master keys are generated in parts and each part written into the secure memory of separate IC cards 19. This step is shown at block 311 in FIG. 13. Only after the key parts are sequentially imported from the pair of IC cards 19 containing the key parts to another system security component device, and cryptographically assembled, is the node master key usable. Importing or loading the key parts into other node devices is shown at steps 313 and 315 in FIG. 13.

After all system or network nodes have been so initialized with master node keys, node key encrypting keys may be generated by the central network security processor 13 under control of the key management application program running on the host CPU 11, and encrypted under the specific node master key which is held within a secure key directory in the network security processor 13. Other secondary keys, such as data keys for specific purposes, may then be transported through the system facilities, encrypted under a node key encrypting key. This step appears at block 317 in FIG. 13. Transportation of these keys is effected through the host computer 11, as shown by step 319, to the system or network communications facilities. The secondary keys are downloaded at steps 321 and 323 in a secure session to each node represented by a security component device such as a cryptographic adapter 29 or an IC card read write unit 17. Depending on the key management structure in the application, the need for data keys, to be held in common between the central network security processor 13 and other system or network nodes, and the level of key management control delegated to the system or network node, the secondary keys may include data keys for safeguarding the files and programs of the node device. Alternatively, these keys could be generated locally at the node under the node master key.

FIG. 14 illustrates the off-line intelligent work station (IWS) logon procedure in the system of the invention, using the system security component devices described in FIGS. 1 through 5 of this invention. Reference is made to FIG. 1 for devices identified therein.

When the user inserts the user's IC card, step 325, into the IC card read/write unit 17, those two devices establish a secure session between them in step 327. This action occurs transparently to the user, is built on the existence of a cryptographic processor in both devices, and results in a unique session key. When the secure session has been established, the cryptographic adapter 29, if it is present in the IWS, is advised by the IC card read/write unit 17 that the secure session has been established. At step 329, action is then initiated to establish a similar secure session between the IC card 19 and the cryptographic adapter 29. At the conclusion of that action, the IC card is in secure session with both of the other devices. The cryptographic adapter will attempt to establish a secure session with the reader at initialization of the cryptographic adapter. In the process of establishing secure sessions among these devices, the authenticity of each device is verified.

The next step in the logon procedure is to verify the identity of the user person to the IWS. FIG. 14 illustrates two methods of user verification: one based on the use of a secret pin verification number (PIN); and another based on the comparison of dynamic signature pattern data of a verification signature with that of reference signatures prerecorded in the IC card. Because the latter procedure is inherently less susceptible to compromise and more costly to implement than the former, the choice between the two reverts to a value judgment for each application.

The PIN verification is initiated at step 331 by a prompt to the user to enter the user PIN on the PIN pad of the IC card read/write unit 17. Within this unit, the PIN and a random number are encrypted using the session key, and passed across the protected interface to the IC card 19. Within the IC card 19 at step 333 the received quantity is decrypted, the random number is separated from the PIN, the PIN is verified against the user PIN stored in the IC card. Based on the result of the verification attempt, the random number is incremented by either a 1 or a 2 and encrypted to provide a protected response to the IC card read/write unit.

Alternatively, signature verification is initiated at step 335 by a request from the cryptographic adapter 29 to the IC card 19 to download the user's signature reference data. In the IC card, the signature reference data is read from secure memory, encrypted, and passed through the IC card read/write unit 17 to the cryptographic adapter 29, where it is decrypted at step 337 and held in memory.

The user is then prompted at step 339 to write a verification signature, and using the signature verification pen 21 attached to the IC card read/write unit 17, the user writes a signature. The analog signals from the pen are digitized and encrypted and passed across its protected interface to the cryptographic adapter 29, where
the signature data is decrypted and placed in memory. Within the cryptographic adapter at step 341, the dynamic signature verification algorithms described in U.S. Pat. No. 4,724,542 are invoked to effect a confident match of the verification signature data against the multiple reference signature data sets.

Thus far in the off-line logon process, the authenticity of the security component devices has been validated and the user person's identity has been verified to the IWS. It remains to establish, within the security component devices of the IWS, the authorization to access IWS resources within time-of-day/day-of-week limits and more specifically to exercise the command set of the device, to utilize files and programs within the IWS.

Requests from the card reader 17 and the cryptographic adapter 29 to the IC card 19 would result at step 343 in the downloading of the user authorization profile to the IC card read/write unit 17 and to the cryptographic adapter 29. Then, as described in detail with FIGS. 7, 8 and 9, the user verification profile, the command configuration data and cryptographic keys combine at steps 345 to control the use of commands, files and programs throughout the session.

On logoff, the user authorization profile that had been downloaded from the user's IC card to the cryptographic adapter is removed at step 347, and the cryptographic adapter reverts to its default profile.

FIG. 15 illustrates the intelligent work station (IWS) on-line logon procedure, utilizing the cryptographic adapter as the only system security device in the IWS.

Through the communications facilities in the IWS 25 and the host CPU 11, a secure session is established between the cryptographic adapter 29 in the IWS and the network security processor 13. As it is in the off-line logon procedure described in connection with FIG. 14, the establishment of the on-line secure session is transparent to the IWS user.

User identification with this IWS configuration is initiated at step 351 by the entry of the user's password at the IWS keyboard in response to a prompt message. The logon password is verified at step 353 in the network security processor 13 against its directory of authorized users. A positive verification results in the retrieval at step 355 of the user authorization profile from the directory. The profile is then encrypted under the session key created for the session and the encrypted profile is downloaded at step 357 to the cryptographic adapter 29 in IWS 25.

The IWS 25 may then continue to operate in an on-line mode with the host CPU 11 as a continuation of the same secure session or under a subsequent secure session. The IWS may also revert to an off-line mode represented in step 357 in which the user authorization profile downloaded from the network security processor 13, the command configuration data resident in the cryptographic adapter 29 of the IWS 25, and the secondary cryptographic keys previously established in the cryptographic adapter, all serve to control the use of commands, files and programs in the IWS. As in the off-line case, logoff at step 359 results in the removal of the downloaded user authorization profile and substitution of the default profile.

While the invention has been described with reference to a preferred embodiment thereof in the form of a transaction security system including an IC card, it will be apparent to those skilled in the art of computer system design that the principles, methods, and apparatus of the invention can be applied in other environments to enhance the security and prevent fraud.

What is claimed is:

1. The method of communicating a secure boolean response comprising the steps of

a) generating a random number in a security device;

b) encrypting said random number under a key;

c) sending said encrypted random number to another security device;

d) decrypting said encrypted random number in said another security device;

e) modifying said random number by a first function if said response is true;

f) modifying said random number by a second function if said response is false;

g) encrypting said modified random number;

h) sending said encrypted modified random number to said first security device;

i) decrypting said encrypted modified random number at said first security device; and

j) comparing said modified random number with said random number to determine said response.

2. The method of changing a value used in the generation of a random number in a security device of the type having a value storage means which can be written a limited number of times before becoming unreliable, comprising the steps of:

generating a random number by encryption using said value;

using a portion of said random number to select a random part of said value for change;

changing only said random part of said value in said storage means;

leaving unchanged a remainder of said value in said storage means;

whereby said value in said storage means may be changed substantially more than said limited number of times before said storage means becomes unreliable;
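
The PIN verification exchange of FIG. 14 (steps 331 and 333), which is the secure boolean response of claim 1, written out as an added example; it is not code from the patent. XTEA stands in for the session-key cipher, which the text does not name for this exchange, and the 32-bit field widths, the key, and the mapping of +1 to "verified" and +2 to "failed" are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* XTEA (64-bit block, 128-bit key): a stand-in for the session-key cipher. */
static void xtea_enc(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0, delta = 0x9E3779B9;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += delta;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}
static void xtea_dec(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], delta = 0x9E3779B9, sum = delta * 32;
    for (int i = 0; i < 32; i++) {
        v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
        sum -= delta;
        v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
    }
    v[0] = v0; v[1] = v1;
}

enum verdict { RESP_INVALID = -1, RESP_FALSE = 0, RESP_TRUE = 1 };

/* Reader: PIN and a fresh random number go into one block under the session key. */
void reader_request(uint32_t pin, uint32_t rnd, const uint32_t key[4], uint32_t out[2]) {
    out[0] = pin; out[1] = rnd;
    xtea_enc(out, key);
}

/* Card: decrypt, separate the random number from the PIN, verify the PIN, then
   return the random number + 1 (verified) or + 2 (failed), encrypted. */
void card_respond(const uint32_t req[2], uint32_t stored_pin, const uint32_t key[4],
                  uint32_t out[2]) {
    uint32_t b[2] = { req[0], req[1] };
    xtea_dec(b, key);
    out[0] = 0;
    out[1] = b[1] + (b[0] == stored_pin ? 1u : 2u);
    xtea_enc(out, key);
}

/* Reader: only rnd+1 or rnd+2 is a valid answer; anything else (wrong key,
   altered ciphertext, answer to an older random number) is rejected. */
enum verdict reader_check(const uint32_t resp[2], uint32_t rnd, const uint32_t key[4]) {
    uint32_t b[2] = { resp[0], resp[1] };
    xtea_dec(b, key);
    if (b[0] != 0) return RESP_INVALID;
    if (b[1] == rnd + 1u) return RESP_TRUE;
    if (b[1] == rnd + 2u) return RESP_FALSE;
    return RESP_INVALID;
}

/* Constructed session key and PIN values, for illustration only. */
static const uint32_t DEMO_KEY[4] = { 0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210 };

/* One full exchange; returns what the reader concludes. */
enum verdict exchange(uint32_t entered_pin, uint32_t stored_pin, uint32_t rnd) {
    uint32_t req[2], resp[2];
    reader_request(entered_pin, rnd, DEMO_KEY, req);
    card_respond(req, stored_pin, DEMO_KEY, resp);
    return reader_check(resp, rnd, DEMO_KEY);
}

/* A "verified" answer recorded for old_rnd, checked against a later random number. */
enum verdict replay(uint32_t old_rnd, uint32_t new_rnd) {
    uint32_t req[2], resp[2];
    reader_request(1234, old_rnd, DEMO_KEY, req);
    card_respond(req, 1234, DEMO_KEY, resp);
    return reader_check(resp, new_rnd, DEMO_KEY);
}

int main(void) {
    printf("correct PIN: %d\n", exchange(1234, 1234, 0xC0FFEE01u));
    printf("wrong PIN:   %d\n", exchange(1111, 1234, 0xC0FFEE01u));
    printf("replay:      %d\n", replay(0x1000u, 0x2000u));
    return 0;
}
```

Because the answer is bound to the reader's random number, a recorded "verified" ciphertext is useless in a later session, which is the property the yes/no result depends on.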



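
The FIG. 9 authorization checks described earlier in this section, written as a single decision function; this is an added example, not code from the patent. The struct layouts, field names, bit assignments and date encoding are assumptions, and only the checks described in this part of the text are modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Layouts and field names are assumptions: the text names the checks, not a format. */
struct cmd_config {                 /* command configuration data 181 */
    bool unavailable, secure_session_required, initial_verification_required;
    bool authority_exact_match;
    uint8_t required_authority;
};
struct user_profile {               /* user authorization profile 179 */
    uint32_t cmd_auth_flags;        /* bit n set = command n authorized */
    uint8_t authority, fail_count, fail_limit;
    uint8_t dow_mask;               /* bit 0 = Sunday ... bit 6 = Saturday */
    uint16_t start_min, end_min;    /* allowed window, minutes after midnight */
    uint32_t expires;               /* YYYYMMDD */
};
struct context {                    /* session state, clock and device tables */
    bool secure_session, user_verified;
    uint32_t today;                 /* YYYYMMDD */
    uint8_t dow;
    uint16_t now_min;
    const uint32_t *universal; size_t n_universal;   /* table 173 */
    const uint32_t *holidays;  size_t n_holidays;    /* programmable holiday table */
};
enum decision { ALLOW, DENY_UNAVAILABLE, DENY_NO_SESSION, DENY_NOT_VERIFIED,
                DENY_TIME, DENY_HOLIDAY, DENY_AUTHORITY, DENY_CMD_FLAG, DENY_LOCKED };

static bool in_list(uint32_t v, const uint32_t *list, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (list[i] == v) return true;
    return false;
}

/* Every check must pass; the first failure denies and bypasses the rest. */
enum decision authorize(uint32_t cmd, const struct cmd_config *cc,
                        const struct user_profile *up, const struct context *cx) {
    if (in_list(cmd, cx->universal, cx->n_universal)) return ALLOW;   /* step 201 */
    if (cc->unavailable) return DENY_UNAVAILABLE;                     /* block 207 */
    if (cc->secure_session_required && !cx->secure_session)           /* 209, 211 */
        return DENY_NO_SESSION;
    if (cc->initial_verification_required && !cx->user_verified)      /* 213, 215 */
        return DENY_NOT_VERIFIED;
    if (cx->today > up->expires || !(up->dow_mask & (1u << cx->dow)) ||
        cx->now_min < up->start_min || cx->now_min > up->end_min)
        return DENY_TIME;                                   /* time, date, weekday */
    if (in_list(cx->today, cx->holidays, cx->n_holidays))             /* block 225 */
        return DENY_HOLIDAY;
    if (cc->authority_exact_match ? up->authority != cc->required_authority
                                  : up->authority < cc->required_authority)
        return DENY_AUTHORITY;                                        /* 227-231 */
    if (cmd >= 32 || !(up->cmd_auth_flags & (1u << cmd)))             /* block 233 */
        return DENY_CMD_FLAG;
    if (up->fail_count >= up->fail_limit) return DENY_LOCKED;         /* block 235 */
    return ALLOW;
}

/* Constructed sample data: command 5 requires authority 3, command 1 is in the
   universal table, the user may work Monday to Friday 08:00-18:00, and the
   session clock is fixed at a Wednesday, 10:00. */
enum decision demo(uint32_t cmd, uint8_t authority, bool exact, uint8_t fails,
                   uint32_t today) {
    static const uint32_t universal[] = { 1 }, holidays[] = { 19911225 };
    struct cmd_config cc = { false, true, true, exact, 3 };
    struct user_profile up = { 1u << 5, authority, fails, 3, 0x3E, 480, 1080, 19921231 };
    struct context cx = { true, true, today, 3, 600, universal, 1, holidays, 1 };
    return authorize(cmd, &cc, &up, &cx);
}

int main(void) {
    printf("level 4, exact match on 3: %d\n", demo(5, 4, true, 0, 19911202));
    printf("three failures, limit 3:   %d\n", demo(5, 3, false, 3, 19911202));
    return 0;
}
```

Note the first branch: a command in the universal table is allowed before the lockout, time and authority checks run, so the contents of that table decide what a locked-out or expired profile can still do.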



